Disable Shutdown For Normal Users March 20, 2006

Sometimes, when you have one computer shared among multiple users, and you don’t want normal users (users who are not admins), that is, anyone who is not you ;) to be able to shutdown the computer, then you can follow the following steps. Some of this is from the useful fedora mailing list email, and some from the ubuntu-users mailing list (thanks to Olafur Arason). I tried the instructions below on my computer, and this should work for you.

Again, this will allow only admin users with sudo privileges to shutdown the computer, for other “normal” users, the logout menu will allow them to do only that, log out!

Step1:
Open /etc/X11/gdm/gdm.conf in a text editor and find the [greeter] section. Make sure that there is a line which says SystemMenu = false. This line will ensure that the gdm login screen will not have the option for shutting down the system etc.

Step 2:
If you have a laptop, or an acpi system on your computer, then go to /etc/acpi and disable the power button, so that, when someone presses the power button, the system does not shutdown. You can disable this easily by doing chmod 000 /etc/acpi/powerbtn.sh

This is all good, but is there a way to have the exit panel show shutdown and restart for certain users and not for others? Without having to use the shell. Also
$sudo shutdown -t3 -r now
doesn’t shutdown the system, well it does, but it
FTMP – Requests that the system be rebooted after it has been brought down.
$sudo shutdown -t3 -H now
FTMP – Requests that the system be halted after it has been brought down.
-thanks

Step 5 doesn’t work anymore. To get to the configuration editor, type gconf-editor to a shell prompt.

However, the default is already “logout”, yet today someone shut down my machine by going to the log out button on the panel and selecting the shutdown option when the window with options appeared. How can I disable that? That icon isn’t even putting up a corresponding process, so I don’t know what program is actually running. The icon has no preferences nor does the panel have any relevant ones. Clearly it must be using some set-uid program or a /proc-type of file. Which, and how to turn it off?

I have set up a computer in a separate room, so that the users can only access the mouse, the keyboard and the monitor. Thus Step 2 can be skipped, but I have a problem with Step 5 – this is done in the user configuration, so the user can also circumvent it. Is there a better solution?
I wonder how one can configure that CTRL+ALT+DEL only works for certain users – usually it even works on ttys where no login prompt is running, except on ttys with X. I’ll have to test this one. As a temporary workaround I will create a dummy user and log him in/lock the screen when I start the computer, so no one can shut it down (together with Step 1).

What I need is to keep the power off button enabled on the login screen (GDM) but no power off option from a user session, I mean, there must be no option for shutdown/suspend/hibernate on the logout menu/button.
Sometimes, people click on the wrong place and shutdown, suspend or hibernate the computer by mistake when they’re trying to logout. I want to avoid that by forcing the user to logout first and then power off as a separate action to be done only if it is really necessary.